If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Possible virus or hacker
IE repeatedly sets it's homepage at something
called "about:blank" and pops up with an ad for spyware detecters. Also, certain system files are missing or corrupt. I've run virus scanners, spyware detecters, scandisk, sfc and dr Watson. Neither detected anything, however dr watson gave me this message: -------------------- unknown has altered Windows system files. Module Name: unknown I also tried online v-scans from mcafee. I'm out of options at this point. Is there anything else I can try? |
#2
|
|||
|
|||
Possible virus or hacker
It is a CoolWebSearch parasite variant:
http://www.spywareinfo.com/~merijn/c...tml#aboutblank http://www.wilderssecurity.com/showp...40&postcount=4 You will need to follow these directions and wait for expert help in one of the forums below, in order to correctly remove this. Download, unzip, and run Hijack This from one of these locations: http://computercops.biz/downloads-cat-14.html http://www.majorgeeks.com/downloads31.html http://www.spywareinfo.com/downloads...HijackThis.exe Unzip to a folder other than your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere you can find it (Desktop, My Documents, or similar). Most of what it lists will be harmless or even required, so do NOT fix anything yet. Copy the log files and paste them into a new post at one of these forums: http://forum.aumha.org/ http://forums.net-integration.net/ http://computercops.biz/forums.html http://forums.spywareinfo.com/index.php?showforum=30 http://tomcoyote.org/forums/ http://www.lavasoftsupport.com http://boards.cexx.org/ The folks there will tell you what to remove. A tutorial for using Hijack This is located he http://tomcoyote.com/hjt/ and an in-depth tutorial is he http://aumha.org/a/hjttutor.htm You will probably also need to download CWShredder, the CoolWeb removal tool, available he http://computercops.biz/downloads-cat-14.html http://www.majorgeeks.com/downloads31.html http://www.spywareinfo.com/downloads...CWShredder.exe http://aumha.org/downloads/cwshredder.zip Do not run it until instructed by an expert in one of the forums above. -- Glen Ventura, MS MVP W95/98 Systems http://dts-l.org/goodpost.htm "T H" wrote in message ... IE repeatedly sets it's homepage at something called "about:blank" and pops up with an ad for spyware detecters. Also, certain system files are missing or corrupt. I've run virus scanners, spyware detecters, scandisk, sfc and dr Watson. Neither detected anything, however dr watson gave me this message: -------------------- unknown has altered Windows system files. Module Name: unknown I also tried online v-scans from mcafee. I'm out of options at this point. Is there anything else I can try? |
#3
|
|||
|
|||
Possible virus or hacker
Ok, the CWS thing has been fixed. But the files that went
missing while it was there haven't returned. I've lost Notebook.exe, all windows games, media player and MSN Messenger and probably more I haven't noticed yet. I was able to reload Messenger and Media Player, but the others are still gone. Is there a way to get them back? |
#4
|
|||
|
|||
Possible virus or hacker
Do you mean Notepad.exe?
Extract the file from your Windows CD (or the .cab file location on your hard drive), using the "Extract one file" option of System File Checker (SFC). HOW TO: Extract Original Compressed Windows Files: http://support.microsoft.com/default...EN-US;129605#5 http://users.westelcom.com/rogersr/sfc.htm#1pp http://users.westelcom.com/rogersr/sfc.htm#2pp For the Games, go to Control Panel Windows Setup, uncheck the Games option if it is check-marked, click Apply; then go back and check-mark Games again, and click Apply. You may be prompted for your Windows CD. -- Glen Ventura, MS MVP W95/98 Systems http://dts-l.org/goodpost.htm "T H" wrote in message ... Ok, the CWS thing has been fixed. But the files that went missing while it was there haven't returned. I've lost Notebook.exe, all windows games, media player and MSN Messenger and probably more I haven't noticed yet. I was able to reload Messenger and Media Player, but the others are still gone. Is there a way to get them back? |
#5
|
|||
|
|||
Possible virus or hacker
I tried restoring games, and they're back. But now
solitaire loads a green screen with weird writing on the blue bar at the top then freezes my pc. I tried freecell and get this message: FREECELL caused a general protection fault in module KRNL386.EXE at 0002:00003077. Registers: EAX=00000042 CS=0167 EIP=00003077 EFLGS=00000246 EBX=00020002 SS=3d67 ESP=00001af2 EBP=00001afa ECX=00000001 DS=3d67 ESI=0002026c FS=05d7 EDX=00000000 ES=05d7 EDI=000081b8 GS=212f Bytes at CS:EIP: 87 4d 22 e3 00 c3 8b 3e 06 00 33 c9 87 4d 22 c3 Stack dump: 07823118 3d67026c 09c51b12 02583d6f 00000042 074a0058 072a0000 0daa0001 02ce1b2c 0000026c 16c70058 3d67ffff 00000000 00583d67 1b460000 179f10d0 I found notepad.exe, but it was altered to notepad.exe.bak, I had norton antivirus quarantine it and restored a second copy of notepad. |
#6
|
|||
|
|||
Possible virus or hacker
As I posted earlier:
Download, unzip, and run Hijack This from one of these locations: http://computercops.biz/downloads-cat-14.html http://www.majorgeeks.com/downloads31.html http://www.spywareinfo.com/downloads...HijackThis.exe Unzip to a folder other than your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere you can find it (Desktop, My Documents, or similar). Most of what it lists will be harmless or even required, so do NOT fix anything yet. Copy the log files and paste them into a new post at one of these forums: http://forum.aumha.org/ http://forums.net-integration.net/ http://computercops.biz/forums.html http://forums.spywareinfo.com/index.php?showforum=30 http://tomcoyote.org/forums/ http://www.lavasoftsupport.com http://boards.cexx.org/ The folks there will tell you what to remove. A tutorial for using Hijack This is located he http://tomcoyote.com/hjt/ and an in-depth tutorial is he http://aumha.org/a/hjttutor.htm Also, see if anything here applies: Problems Running FreeCell And Solitaire with Office XP Installed http://support.microsoft.com?kbid=304402 Err Msg: Solitaire Caused General Protection Fault in Module Sol.exe: http://support.microsoft.com?kbid=234430 General Protection Fault When Starting Microsoft Solitai http://support.microsoft.com?kbid=237900 -- Glen Ventura, MS MVP W95/98 Systems http://dts-l.org/goodpost.htm "T H" wrote in message ... I tried restoring games, and they're back. But now solitaire loads a green screen with weird writing on the blue bar at the top then freezes my pc. I tried freecell and get this message: FREECELL caused a general protection fault in module KRNL386.EXE at 0002:00003077. Registers: EAX=00000042 CS=0167 EIP=00003077 EFLGS=00000246 EBX=00020002 SS=3d67 ESP=00001af2 EBP=00001afa ECX=00000001 DS=3d67 ESI=0002026c FS=05d7 EDX=00000000 ES=05d7 EDI=000081b8 GS=212f Bytes at CS:EIP: 87 4d 22 e3 00 c3 8b 3e 06 00 33 c9 87 4d 22 c3 Stack dump: 07823118 3d67026c 09c51b12 02583d6f 00000042 074a0058 072a0000 0daa0001 02ce1b2c 0000026c 16c70058 3d67ffff 00000000 00583d67 1b460000 179f10d0 I found notepad.exe, but it was altered to notepad.exe.bak, I had norton antivirus quarantine it and restored a second copy of notepad. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
virus vs, hardware | Tracy Poole | General | 1 | July 1st 04 12:32 PM |
Virus?? | General | 4 | June 30th 04 10:27 PM | |
Virus protection on a network query | Blair | Networking | 7 | June 23rd 04 04:48 AM |
Virus scanning issues | Childsplay | General | 14 | June 19th 04 01:27 AM |
PC virus infected - to install another HDD to scan. | Chew Francis | Software & Applications | 0 | June 8th 04 10:14 AM |